PH1K3

cruzin through other ppl's log files

Apr 21st, 2017
cruzin through kibana

search it:
https://www.shodan.io/search?query=port%3A%225601%22+kibana
port:"5601" kibana
or search for "Elastic"
scan for port 5601 with something in C etc etc..

what is it:
web UI for log management, a way to search in "metadata"
just search on ELK and you will find a lot about it

who:
ISPs use it a lot / people who have a lot of data/log files to go through / IDS systems

watch the metadata through the inet
port:5601

what u get:
a javascript UI with a regex based search bar
you will see a tab with the text "last 15 minutes" on it, press that and change it to like 1 day
or something to get more data

access:
70% don't have login enabled but if they do the default login is kibana/changeme
you have to install plugins to add more "security" and ppl are often lazy so why should they
install "security" plugins? (LoL)

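Added here as an example, not from the paste: the fix for the "access" problem above, putting Kibana behind an nginx reverse proxy with TLS and its own password file, with Kibana itself bound to loopback so port 5601 is never on the network. Hostname, certificate paths, htpasswd path and the admin network range are assumed values.

```nginx
# Hardened front door for Kibana (assumed: Kibana 5.x on the same host,
# kibana.yml set to server.host: "127.0.0.1" so port 5601 is only
# reachable from this proxy, never from the network).
#
# Weak setting this replaces: kibana.yml with server.host: "0.0.0.0"
# and no proxy in front, which is exactly what the Shodan query finds.

server {
    listen 443 ssl;
    server_name kibana.example.internal;               # assumed hostname

    ssl_certificate     /etc/nginx/tls/kibana.crt;     # assumed paths
    ssl_certificate_key /etc/nginx/tls/kibana.key;

    # Own credentials instead of the kibana/changeme default; the file is
    # created with `htpasswd -c /etc/nginx/kibana.htpasswd <user>`.
    auth_basic           "Kibana";
    auth_basic_user_file /etc/nginx/kibana.htpasswd;   # assumed path

    # Second layer: only the admin network may reach the UI at all.
    allow 10.0.0.0/8;                                  # assumed admin range
    deny  all;

    location / {
        proxy_pass         http://127.0.0.1:5601;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto https;
    }
}

# Plain HTTP only redirects, so nothing is served unauthenticated on 80.
server {
    listen 80;
    server_name kibana.example.internal;
    return 301 https://$host$request_uri;
}
```

After reloading nginx, a request to port 5601 from another machine should be refused and a request to 443 without credentials should return 401; if either still succeeds, Kibana is still exposed.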
Let's cruise

Chinese stuff? alitravel? calling it eye insight
http://114.215.197.16:5601/

google: 35.185.53.25:5601
remote_addr: 10.142.0.11 body_bytes_sent: 4,538 http_version: 1.1 request_method: GET type: nginx-access request_url: / http_user_agent: Sensu-HTTP-Check remote_user: - request_time: 0 @timestamp: port: 53,896 @version: 1 host: 10.12.2.18 http_referrer: - time: status: 200 _id: _type: nginx-access _index: logstash-2017.04.21 _score:
@timestamp: port: 59,26 @version: 1 host: 113.140.89.71 message: 2017-0 - INFO [pool-5-thread-2] om.lifeccp.osprey.component.OspreyLogger : Osprey[029_1] Schedule[scan] Scanning Study End _id: AVuJdrQjnBhO0q9DgoY1 _type: logs _index: osprey-2017 _score:


More CH stuff:
logging user agents...
http://125.208.22.23:5601/app/kibana
@version 1
_id AVuS1wkJ438Ruq
_index logstash-2017
_score -
_type nginx
agent "Dalvik/1.6.0 (Linux; U; Android 4.4.4; vivo Y29L Build/KTU84P)"
bytes 1265
clientip 39.83.155.89
facility 1
facility_label user-level
host 10.0.1.42
http_date 2017 +0000
http_host pay.datactive.cn
httpversion 1.1
logsource 52f245d02e0c
message pay.datactive.cn 39.83.155.89 [ +0000] "GET /s1/strategy?v=30&appid=46&cs=&ch=90123 HTTP/1.1" 404 1265 "-" "Dalvik/1.6.0 (Linux; U; Android 4.4.4; vivo Y29L Build/KTU84P)" 0.002 0.002
pid 28226
priority 14
program nginx-common
referrer "-"
request /s1/strategy
request_time 0.002
response 404
severity 6
severity_label Informational
tags _grokparsefailure
type nginx
upstream_time 0.002
uriparam ?v=30&appid=46&cs=&ch=90123
verb GET


RU:
http://217.23.155.14:5601/app/kibana
weird to have geo coords in it, maybe an ISP
_id delivery_75794431
_index television
_score -
_type delivery
courierId -1
courierRole 0
courierRoleName Unknown
creationTime
creatorRole Оператор
deliveryId 75,794,431
dlvType dlv2
executionDate
id delivery_75794431
modificationTime April 22nd 2017, 00:45:13.041
recipientCoordinate 37.6611, 55.7331
senderCoordinate 37.6701, 55.7701
status 10
statusName Черновик
userIsLegalEntity true


IoT in DE
http://176.28.18.103:5601/app/kibana
_id AVuR_1uEHW_jqxJ8grhl
_index weather
_score -
_type logging
humidity 0
node 1
sensor 6
temperature 18
voltage 4.156

here is one that redirects to a docker UI
http://139.162.194.194:5601 redirects to port 5001/
monitoring mysql

Opera:
107.167.123.211
with the error: "Login is disabled because your license has expired. Please extend your license or disable Security in Elasticsearch."
lol nice way of making sure ppl pay haha

http://139.196.36.243:5601/app/kibana
it's a lot of servers that run this stuff, and if they log HTTP or SMTP with squid-proxy/<similar-proxy> logs
you might find some good stuff


links:
https://www.elastic.co/guide/en/x-pack/current/kibana.html

/PH1K3